ADR-011: Docker + Dev Container Pattern

Publishable summary of this architecture decision.

Status: Accepted

Context

WordPress and Moodle projects need a standardized Docker setup that works with Dev Containers (PHPStorm, VS Code), separates DEV/BUILD/PROD, and injects secrets via 1Password.

Decision

Multi-stage Dockerfile (builder → production → development). Base compose + gitignored override + committed devcontainer. Workspace at /workspace, Xdebug toggleable without rebuild, Composer inside the container, secrets via op run / --mount=type=secret / OP Connect. Strict .dockerignore. Makefile with standardized dev commands.

Consequences

Predictable structure across projects. Dev Containers work in PHPStorm and VS Code. Clean prod image. Secrets never in repo.